Get the latest news about SolarWinds Security Event Manager (SEM)
Good morning; We have a machine running the MSSQL Auditor looking at multiple MS SQL servers. It is failing file audit failures about 8700 times per hour on D:\. The process name: C:\Program Files (x86)\SolarWinds Log and Event Manager MSSQL Auditor\MSSQLAuditor.exe. I believe the D:\ is the DVD drive on the system which…
Hi, Basically, I need to forward logs from our FortiGate 100E v6.0.1 to LEM. I found instructions for integrating FortiGate with LEM on the SolarWinds website, see the link below, but they're for 4.x and 5.x. I just want to know if the instructions for FortiOS 5.x still apply to 6.x? I really don't want to experiment…
Hi all, I am receiving email alerts from two different email addresses of SolarWinds LEM (LEM@solarwinds.com & lem@solarwinds.com). Please let me know how I can disable one of them and receive only one alert.
I have a federal STIG requirement to monitor for when the SIEM reaches 75% of disk space used. The default rule out of the box called "SolarWinds Disk Warning" uses 90% used as the trigger for the warning. The problem I'm having is that in the rule I don't see any 90% listed anywhere in the logic. How does this rule work? The…
I am trying to get LEM to monitor our Kaspersky administration server. I have the Kaspersky Administration Kit connector enabled on the node that is our Kaspersky Administration server. I am not sure if I have it set up correctly though, because I am not seeing any events from the connector. I also read that WMI is another…
I have some Windows agents that have the LEM appliance IP ending in .85 and I need the agents to point to .185 instead. I thought rerunning the remote installer on the list of hosts would fix this but it's not. Are there some command-line flags I can pass the installer to make it update the LEM appliance IP the agent is…
Hi, please let me know how we can detect attacks from a Cisco ASA firewall using LEM. I have read about various ASA SIDs being logged as syslog messages by the Cisco firewall, upon which Cisco recommends some action. What is the best practice to be utilized to detect attacks and intrusions from a Cisco ASA firewall using LEM?
I am running the report logon failures by user and want to look at outside business hours, previous day 6pm to current day 6am. I can manually run the report but I need it to run on a daily schedule. When I attempt to schedule using user defined start and end times, it just runs the same day range each day, (10/1/2016 6pm…
Hi, We are about to purchase SolarWinds but need to work out licensing costs first. We have 10 hosts running Docker, and there are 50 containers running across the hosts. If we wanted to log data for all containers, how many LEM licenses would this use? 10, 50 or 60? Thanks, Phil
I've run into an issue with the Sysmon connector on machines running Sysmon v8. The network connect events are no longer properly formatted and information is lost. Below is a screenshot of two events, one from a machine running v8 and one running v7.2. Sysmon v8 added a field called Rule Name to the output, so perhaps…